Controllerless Networks

Reply
New Contributor

Configuring NPS and IAP for VLAN assignment

I have dug around a lot on this community and have tried various things yet still running into some issues, hoping for some guidance. 

 

We have our employee SSID which is configured for Active Directory authentication through NPS and that is working. The second SSID is for testing VLAN assignment, and once that is working will deprecate the other. 

 

I have been trying to set up passing aruba-user-vlan from NPS server (which is configured per other Airhead articles) to clients connecting to APs. However, when running logs under the Instant GUI>Support I am finding that the client in question is getting assigned the default VLAN 1. 

 

I have the SSID configured for dynamic VLAN assignment with the aruba-user-vlan attribute (as the VLAN). 

 

On Cisco switches, native VLAN is set and all other VLANs I want to pass traffic as well, all ports the APs connect to are dot1q trunked. 

 

Any other ideas? 

Guru Elite

Re: Configuring NPS and IAP for VLAN assignment

New Contributor

Re: Configuring NPS and IAP for VLAN assignment

cjoseph, thank you for linking that article...I have that and like three others similar to that open, have gone through and verified my configuration. 

 

Any other ideas?

Guru Elite

Re: Configuring NPS and IAP for VLAN assignment

I would check to see what attributes you are getting back:

config t
logging level debugging security process authmgr
logging level debugging security subcat aaa

 

Authenticate and then type "show log security 50" to see what the radius server is sending.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Configuring NPS and IAP for VLAN assignment

I have tried that as well. When I log into the CLI and `config t` and then try to run the logging commands, it appears those are not acceptable commands on my platform. When I do a `show version` I am getting "ArubaOS  (MODEL: 225), Version 6.5.4.2." Is there some other way to see what, if any, attributes are being passed?

Guru Elite

Re: Configuring NPS and IAP for VLAN assignment

Try this:

 

show log user-debug

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Configuring NPS and IAP for VLAN assignment

Hello,

That is not showing any data....I am assuming because I am not actively debugging a client? How may I do that? Seems strange the CLI is so sparse on the virtual controller stuff...

Guru Elite

Re: Configuring NPS and IAP for VLAN assignment

You should start by using NT radping, to see if you are receiving any attributes back.  When that happens, you should then test on the live IAP system.  

https://www.novell.com/coolsolutions/tools/14377.html

https://support.secureauth.com/hc/en-us/articles/115000594347-How-To-Test-RADIUS-Using-NTRadPing

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: